Nimbus SRP usage

Initial setup and prerequisites

To set up SRP-6a authentication in your environment, you must first settle on
certain protocol settings, which should then remain permanent:

Crypto parameters - safe prime 'N' and generator 'g'. These affect the
cryptographic strength of the SRP-6a protocol. Choosing a larger prime 'N'
increases security but may slow down computation somewhat. The
SRP6CryptoParams class provides a range of precomputed and ready-to-use safe
primes from 256 to 1024 bit length.

Hash algorithm 'H' for the message digests. The default is "SHA-1" but you
may switch to a stronger one as long as it's supported by the underlying Java
runtime.

The preferred salt 's' length. The default salt length is 16 bytes, but you
may choose a different size.

The routines for the password key 'x' as well as for the client and server
evidence messages 'M1' and 'M2'. You can stick to the default ones or define
your own if required.

Important notes:

The settings that you settled upon must then be employed consistently by all
clients and servers in your SRP-6a authentication environment. If just a single
setting varies between client and server, authentication will fail. If
third-party client apps are going to participate, make sure all SRP settings
are clearly published. If you decide to change the parameters at some point in
the future, you will have to re-register all affected users so that their
verifiers match.

The SRP-6a settings may be published by various means, for example through a
JSON message.

The 'N' and 'g' crypto parameters are hex (base-16) encoded. The library
includes a BigIntegerUtils class to help you with encoding to and decoding
from hex.

User registration

A user registers their credentials with an SRP-6a server by providing their
user identity (username) 'I', a salt 's' and a verifier 'v'. The verifier is a
cryptographic value derived from the salt 's' and password 'P'.

The default Nimbus SRP routine for computing the verifier:

x = H(s | H(P))
v = g^x (mod N)

The server must store the salt and the verifier values of the user for the
subsequent authentication requests.

The salt 's' and verifier 'v' can be generated on the client side with the
SRP6VerifierGenerator.
The resulting values are then passed to the server to register the user
credentials.
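
The verifier formula above, worked through with the Java standard library
only, to show why a change of 'H' forces re-registration. This is an added
example, not Nimbus SRP code: the class and method names are hypothetical, and
the 1024-bit group from RFC 5054 (g = 2), the UTF-8 password encoding and the
raw salt bytes fed to 'H' are assumptions.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class VerifierSketch {

    // Assumed settings: 1024-bit safe prime 'N' from RFC 5054, Appendix A; generator 'g' = 2.
    static final BigInteger N = new BigInteger(
        "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C9C256576"
      + "D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE48E495C1D6089DAD1"
      + "5DC7D7B46154D6B6CE8EF4AD69B15D4982559B297BCF1885C529F566660E57EC"
      + "68EDBC3C05726CC02FD4CBF4976EAA9AFD5138FE8376435B9FC61D2FC0EB06E3", 16);
    static final BigInteger G = BigInteger.valueOf(2);

    // x = H(s | H(P));  v = g^x (mod N)
    static BigInteger verifier(String hashAlg, byte[] salt, String password)
            throws NoSuchAlgorithmException {
        MessageDigest h = MessageDigest.getInstance(hashAlg);
        // H(P); the UTF-8 encoding of the password is an assumption.
        byte[] hp = h.digest(password.getBytes(StandardCharsets.UTF_8));
        h.update(salt);                      // s | ...
        byte[] x = h.digest(hp);             // ... H(P), then finish the digest
        return G.modPow(new BigInteger(1, x), N);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        byte[] salt = new byte[16];          // default salt length stated above
        new SecureRandom().nextBytes(salt);
        String password = "correct horse";   // constructed sample password

        // Values a client would send to the server at registration, hex encoded.
        BigInteger registered = verifier("SHA-1", salt, password);
        System.out.println("s = " + new BigInteger(1, salt).toString(16));
        System.out.println("v = " + registered.toString(16));

        // The same settings and inputs reproduce the stored verifier.
        System.out.println("SHA-1 again matches:  "
            + registered.equals(verifier("SHA-1", salt, password)));
        // Changing only 'H' gives a different 'v', so the stored one no longer matches.
        System.out.println("SHA-256 matches:      "
            + registered.equals(verifier("SHA-256", salt, password)));
    }
}
```

The first comparison prints true and the second false: the stored verifier is
only valid for the exact 'H', 'N', 'g' and salt it was registered with.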